Facebook has a history of privacy snafus - but its two latest features seem to be a step in the right direction.

Mark Zuckerberg announces Timeline as he delivers a keynote address during the Facebook F8 conference [GALLO/GETTY]

When Facebook announces major changes to their site, some users hang eagerly onto CEO Mark Zuckerberg’s every word, but others, especially users who are concerned about their privacy, cringe. Last week's announcement was no different.

At F8, Facebook's annual conference for developers and entrepreneurs, Zuckerberg introduced the social network’s redesigned profile page, which they call the Timeline, and a real-time display of all of the activity happening in your social graph, which they call the Ticker. You may have already noticed the Ticker on their home page, since Facebook began slowly rolling out the changes to its 750 million users in mid-September. For now, the Timeline is only available to Facebook developers, but you can sign up to make your account eligible to receive the feature earlier than most.

What makes Facebook users so gun-shy about new features? Facebook has a track record of privacy snafus. In 2008, Facebook told Canada's Privacy Commissioner that "users are given extensive and precise controls that allow them to choose who sees what among their networks and friends, as well as tools that give them the choice to make a limited set of information available to search engines and other outside entities".

In its subsequent report, the Privacy Commissioner relied on those statements to conclude that Facebook's default settings fell within "reasonable expectations", specifically noting that the privacy settings - and notably, all those related to profile fields - indicate information sharing with "My Networks and Friends". Over the next three years, Facebook debuted a series of features designed to push users to share more information with a wider group of people, all of which were opt-in by default and required a multi-step opt-out process.

In December 2009, Facebook rolled out a set of revamped privacy settings that seemed intended to push users to share even more information than before. The privacy "transition tool" that guided users through the configuration process preselected Facebook's "recommended settings" by default - settings which shared content posted to Facebook, such as status messages and wall posts, with everyone on the internet.

That same privacy revamp included a change that classified the list of your friends, your name, current city, gender, networks, and pages you are a "fan" of as "publicly available information" and removed the privacy options that had allowed users to restrict access to much of that information. And if you didn't want your personal information being sucked up by third-party applications, such as the quizzes and games being played by your friends, tough luck. Facebook also eliminated the privacy option that had previously allowed users to opt out of having any information about them shared through the Facebook API.

Even seemingly-innocuous information of the sort Facebook has declared "publicly available" can reveal a lot about you. For example, a 2009 MIT study nicknamed Gaydar demonstrated that researchers could reliably guess a person's sexual orientation by examining their list of friends.

In April 2010, Facebook removed its users' ability to control who could see their own interests and personal information when it transformed certain parts of users' profiles, including their current city, hometown, education and work, likes and interests into "connections", which could only be public. The Facebook page announcing the changes used "Cooking" as its example. Previously, you could list "cooking" as an activity you "liked" in your profile, but your name would not be added to any formal "Cooking" page. But now the new Cooking page would publicly display all of the millions of people who listed "cooking" as an activity. This all seems innocuous enough - who would want to conceal their interest in cooking? But this change also created public lists of more controversial interests, such as gay marriage, abortion rights, and drug legalisation. The only way not to share these details was to delete them.

At the same time, Facebook debuted its "Instant Personalisation" feature, whereby select websites would "personalise your experience using your public Facebook information". The initial sites were Pandora, Yelp, and Microsoft Docs. For people who did not want other websites to have access to Facebook's ever-expanding category of "public information" in their profile, there was nothing to do but to opt out. Not only was the opt-out process byzantine, but Facebook changed the opt-out process a few days into the debut, so that the original instructions were no longer valid.

In December 2010, Facebook started to roll out their "facial recognition" feature, which works by using facial recognition technology to examine photos in which you have already been tagged and creating a "facial fingerprint". Using this information, Facebook suggests your name to your friends when they upload a photo of you, and invites them to tag you in that photo. Like most new Facebook features, this one was turned on by default and required navigation through a maze of menus to opt out.

For years, the broad trend in Facebook's eroding privacy policy has been towards more permissive default settings and more sharing of data with third-party applications, which can be installed by you or your friends. Changes to the Facebook user experience have usually meant two threats to privacy: accidental leakage of private or sensitive data through misuse of the privacy settings or reliance on default settings, and the steady flow of more personal data to third-party applications.

More of the same?

So, are Facebook's new Ticker and Timeline just more of the same? Has Facebook launched another set of features that you are automatically opted into, with inscrutable privacy settings and defaults set to share everything with the entire internet? The answer appears to be "not really". You may be automatically opted into the Ticker, but it respects all of your extant privacy settings. If you post a status update to a specific group of friends, only those friends will see it in their Tickers. The same holds true for applications - the Applications menu also allows you to limit the people who see notifications from each individual application. With a few clicks, your friends may see how much time you spend playing Farmville, but your boss will not.

One notable exception is what Facebook calls "install stories" - the message that is posted when you install an application. There have been reports of install stories that do not respect privacy controls at this time and may be published on all of your friends' Tickers. Product managers at Facebook have said that they are in the process of fixing this "bug", but security problems this late in the game indicate the potential for other privacy leaks.

In contrast, Facebook's Timeline is opt-in for now. Eventually all Facebook users will have to make the switch from profile pages to the Timeline, but Facebook has not given an indication as to when that deadline may be. All of the elements in the Timeline - your status updates and photographs, messages and updates from games and applications - are supposed to respect your current privacy settings. If you should go back through your Timeline and find an errant post or an embarrassing picture, you will be able to control the privacy settings on every element.

Intriguingly, Facebook has tacitly acknowledged that it can take some time to get used to a new layout and to decide what you are comfortable sharing, and with whom. The Timeline includes a "curation period", a five-day window when you can see your Timeline, but other people can't. This is the best indication I have seen that Facebook has listened to its users, who dread logging into the site to discover that everything has changed, they don't know where the controls are located, and they're not certain that their private information is private anymore. While I will continue to keep a wary eye out for security problems and privacy leaks, especially in the early days of these two products, it looks like Facebook is taking a step in the right direction.

Eva Galperin is an activist for the Electronic Frontier Foundation.

The views expressed in this article are the author's own and do not necessarily reflect Al Jazeera's editorial policy.